Post thumbnail
These are the books that I read in Q2 2020 that I think are worth your time. Sorry it’s late. They’re still worthwhile. 🙂 Cyber You’ll See This Message When It Is Too Late, by Josephine Wolff. This is an interesting examination of the effects of finger-pointing and blame avoidance on the cybersecurity landscape, with…
Read More Worthwhile books Q2 2020
Post thumbnail
So Chris Romeo has a blog post, “Threat modeling: better caught than taught.” In it, he advocates for threat modeling being a skill passed on informally. And, like many things in threat modeling, that’s attractive, sounds fun, and is utterly wrong. Let’s threat model this: What are we working on? Scaling threat modeling across all…
Read More Better Taught Than Caught!
Post thumbnail
I have something to disclose: the release of my new course on information disclosurehas just launched on Linkedin! 🎉🥂 To celebrate, I’ve made it easier to disclose the contents by making it free for you link here Please help me disclose this information to the world!
Read More Information Disclosure In Depth!
Post thumbnail
I’ll be speaking at the MDIC’s Annual Public Forum today, discussing how threat modeling helps bring maturity to the medtech sector. Join us shortly!
Read More MDIC Annual Public Forum
Post thumbnail
At the Biohacking Village at Defcon, there was an interesting talk on Includes No Dirt threat modeling. I thought this slide was particularly interesting. As threat modeling moves from an idea through pilots and deployments, and we develop the organizational disciplines of threat modeling, the question of ‘when do we do this’ comes up. There’s…
Read More When to Threat ModelNathan Hamiel has a really good post on Maximizing The Value of Virtual Security Conferences. To his key point of ‘know what you want to get out of it’ and ‘know what it would take to make it happen,’ I want to add two ideas: First, take notes with a pen and paper. This is…
Read More Maximizing The Value of Virtual Security Conferences
Post thumbnail
There’s a post from Helen L. of the UK’s NCSC, A sociotechnical approach to cyber security. Her post shares the context of socio-technical approaches, discussed the (re-named) RISCS institute, and shares the current problem book. The post and the problem book are both worth a careful read. (I’m honored to be an advisor to the…
Read More Sociotechnical Approach to Cyber SecurityIt will come as no surprise to regular readers of this blog that I prefer the written word to audio and video, but 2020 being 2020, I now have a YouTube Channel, with the first video below:
Read More Video series
Post thumbnail
With engineering, courage, and leadership, we can do amazing things.
Read More Happy Apollo 11 Day!I enjoyed being a guest on Software Engineering Radio: Adam Shostack on Threat Modeling. It’s a substantial, in depth interview, running nearly 80 minutes, and covering a wide variety of topics.
Read More Software Engineering Radio